Share this story

A federal judge refused to compel a Wisconsin suspect to decrypt the contents of several hard drives because doing so would violate the man's Fifth Amendment right against self-incrimination. Judge William E. Callahan's Friday ruling ultimately labeled the issue a "close call."

Courts have wrestled with how to apply the Fifth Amendment to encrypted hard drives for several years. According to past rulings, forcing a defendant to decrypt a hard drive isn't necessarily self-incriminating, but forcing a defendant to decrypt a hard drive can amount to self-incrimination if the government can't otherwise show that the defendant has the password for the drive. In that case, forced decryption amounts to a forced confession that the defendant owns the drive.

For example, in one case a border patrol agent viewed incriminating files on a suspect's laptop during a border crossing. But the official then closed the laptop, causing the portion of the hard drive containing the files to be encrypted automatically and deprive investigators of access. The court ruled that because the government already knew the files existed and the suspect had access to them, compelling their decryption didn't force the suspect to implicitly admit the laptop was his.

The circumstances of the Wisconsin case were different. While police officers did find logs on the suspect's PC suggesting that incriminating files had been saved to an encrypted drive, the suspect had multiple encrypted hard drives in his apartment, and the government had no way of proving which specific hard drives, if any, contained the incriminating files in question. In theory, a guest might have used the man's computer to download the files and store them on a hard drive he didn't own. Or the hard drives containing the files might not be among the ones the police seized.

"Feldman’s act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with 'reasonably particularity'—namely, that Feldman has personal access to and control over the encrypted storage devices," Judge Callahan wrote. "Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination."

This is just stupid. The 5th amendment should protect you against forced confessions, not unlocking hard drives that are reasonably suspected to contain incriminating files, and in your apartment.

As the article mentions, in some cases they've decided differently, in this one, the judge ruled they didn't have a reasonable enough suspicion to force it.

Quote:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Generally this is how the US Justice system is supposed to work. A ruling that reinforces the boundaries and protections afforded us by the Constitution, regardless of how ugly or pretty the case may be.

Note to self, encrypt all spare hard drives in house. I finally have a use for all of those 80GB IDEs I have lying around...

3 words: HiddenTrueCryptVolume

TrueCrypt users MUST be made aware that if their computer is in sleep mode and the volume has been mounted (even in the past), the keys are in memory and can be read by forensic tools that do memory dumps.

To summarize, TrueCrypt cannot and does not ensure that RAM contains no sensitive data (e.g. passwords, master keys, or decrypted data). Therefore, after each session in which you work with a TrueCrypt volume or in which an encrypted operating system is running, you must shut down (or, if the hibernation file is encrypted, hibernate) the computer and then leave it powered off for at least several minutes (the longer, the better) before turning it on again. This is required to clear the RAM.

This is just stupid. The 5th amendment should protect you against forced confessions, not unlocking hard drives that are reasonably suspected to contain incriminating files, and in your apartment.

Decrypting the files would be tantamount to a confession. They only suspect that the files might exist or be illegal (the file name in a log can't prove the content of the files, and someone else might have downloaded them or you might have downloaded files 'accidentally" and immediate deleted them).

The police weren't saying "We have proof that the files are there, so decrypt the drive" (which was the case in the border search... the agent saw the files). They are looking for files in order to build a case against you, so decrypting them would automatically implicate yourself.

If the police come to my home with a search warrant and they can't force me to open a safe. But they can take the safe and forcibly have it opened (just like they can try to crack the encryption on the drives).

TrueCrypt users MUST be made aware that if their computer is in sleep mode and the volume has been mounted (even in the past), the keys are in memory and can be read by forensic tools that do memory dumps

That's why every real paranoid fanatic has a remote-control power switch and/or EMP bomb installed in his rig

TrueCrypt users MUST be made aware that if their computer is in sleep mode and the volume has been mounted (even in the past), the keys are in memory and can be read by forensic tools that do memory dumps

That's why every real paranoid fanatic has a remote-control power switch and/or EMP bomb installed in his rig

Ok...so...come back with warrant and nail the sucker. PLEASE??? Or are they saying there is not enough proof for a warrant either?

Warrants are worthless in this case. Forcing him to decrypt the drive would be self-incrimination, which is banned by the Fifth Amendment. Ergo, no judge, warrant, or government official can legally do so.

The crux of the decision to afford the Defendant 5th Amendment protection is that the government was unable to show that the Defendant had "personal control and access" to the encrypted hard drives...that is, its predicated on the notion that the government does not reasonably know with a high degree of certainty that these hard drives and the contents belong to the Defendant.

So,even if the government found a way to successfully bypass the encryption, what they would be left with is a bunch of hard drives full of child porn (this is an assumption that there is child porn on them) yet still unable to demonstrate the Defendant was the owner of the hard drives...Clearly there is a failure to develop a chain of custody and ownership and the 5th Amendment is the least of the government's worries in this case.

On a side note: By asserting the 5th Amendment, he implicitly acknowledges that 1) It is very possible I can access the drives; 2) If I do access them, there may be incriminating information on them. Although a judge or jury cannot draw any inferences from someone asserting the 5th Amendment, one cannot assert the 5th Amendment unless he has a reasonable belief that, in this case, lifting the encryption would potentially be incriminating to him.

This is just stupid. The 5th amendment should protect you against forced confessions, not unlocking hard drives that are reasonably suspected to contain incriminating files, and in your apartment.

Decrypting the files would be tantamount to a confession. They only suspect that the files might exist or be illegal (the file name in a log can't prove the content of the files, and someone else might have downloaded them or you might have downloaded files 'accidentally" and immediate deleted them).

The police weren't saying "We have proof that the files are there, so decrypt the drive" (which was the case in the border search... the agent saw the files). They are looking for files in order to build a case against you, so decrypting them would automatically implicate yourself.

If the police come to my home with a search warrant and they can't force me to open a safe. But they can take the safe and forcibly have it opened (just like they can try to crack the encryption on the drives).

It's more so a question of ownership in this decision. If the government were able to establish ownership with reasonable particularity, then the 5th Amendment defense would not apply (according to the language of the decision).

On a side note: By asserting the 5th Amendment, he implicitly acknowledges that 1) It is very possible I can access the drives; 2) If I do access them, there may be incriminating information on them. Although a judge or jury cannot draw any inferences from someone asserting the 5th Amendment, one cannot assert the 5th Amendment unless he has a reasonable belief that, in this case, lifting the encryption would potentially be incriminating to him.

And to add to that, it could very well be (however unlikely) that he would be incriminating himself against some other crime we don't know about and not the one he's suspected of.

Note to self, encrypt all spare hard drives in house. I finally have a use for all of those 80GB IDEs I have lying around...

3 words: HiddenTrueCryptVolume

TrueCrypt users MUST be made aware that if their computer is in sleep mode and the volume has been mounted (even in the past), the keys are in memory and can be read by forensic tools that do memory dumps.

Your quote primarily applies to system volumes (Full disk encryption of the boot volume). For non-system volumes, truecrypt does clear the keys from ram when you dismount. It has no way to verify that other programs don't have cached copies of your encrypted files in ram(decrypted), but your keys are relatively safe in that situation.

If you hibernate/sleep the computer while a volume IS mounted.. well, that's your mistake. ;P

OK, I'm confused. If this guy is in court because police found evidence of him having downloaded child pornography to an encrypted drive, doesn't the fact that they found encrypted drives in his house enough to say with 'reasonably particularity' that those drives may be the ones with the illicit content on them?

No.. basically, unless the police can say for sure that that guy was the one using the computer (Say, they have the username of the person who downloaded the stuff, and it happens to be the same as the guy's email address, that might be enough)... but they can't go on on a 'fishing expedition'. They have to be able to say with specificity where they'd find the data in question.

Note to self, encrypt all spare hard drives in house. I finally have a use for all of those 80GB IDEs I have lying around...

This is insane. You need to have multiple encrypted drives to avoid having to give up your password, but if there is only one drive then you need to give the password? That is because the cops know it is on THAT drive because it is your only drive?

What if a tape the "pedo bear" on an external drive? Does that make the drive searchable?

This hurts my brain!

Kiddie porn is bad, no doubt about it. But I have serious doubt about how much of that crap is actually out there, or more correctly if it is actually pornographic rather than nudity. Granted we haven't heard much in a long time about parents getting busted for photographing their kids in the tub, but that is probably because nobody uses film thee days so there is no lab to turn in the so-called pornographer. But you do read about these kids getted busted for mailing aound "sexting" photos. Some are just topless. Can we at least limit pornography to sex acts and stop busting these dumb ass teens?

I'm always leary of crimes of "posession." They can put a photo on your drive and it is 5 years in a federal pen. Or put drugs in your house. Just last week some cop was busted in Sacramenro for writing false police reports. He was busted because the reports didn't match his own patrol car cam!

How would they force him to divulge the password for the harddrive anyway? Surely any sanction they could throw at him would be less severe than the consequence of being found to have childporno.

This is the bigger problem. Even if they were his drives, and they could prove the drives were his, there's no way he could be forced to divulge the password short of cruel and unusual punishment or torture.

The only real solution to any of this would be a mandate requiring all encryption methods to have a backdoor for law enforcement access. This would be equivalent to safe manufacturers providing a skeleton key or physical bypass mechanism for a locked safe.

The ramifications of such a law are extremely disturbing, however, since encryption bypass methods could be used and abused by anyone with the requisite knowledge, making encryption essentially a futile endeavor.

Basically, the government can't force him to hand over evidence against himself. No, if the government had reasonable suspicion that the drives conatined illicit material and they were able to decrypt them themselves, I don't think the government would be in this situation.

The authorities can get a warrant to look around your property and they can find evidence against you, but they can't compel you to show them where the evidence against you is or hand it over.

TrueCrypt users MUST be made aware that if their computer is in sleep mode and the volume has been mounted (even in the past), the keys are in memory and can be read by forensic tools that do memory dumps

That's why every real paranoid fanatic has a remote-control power switch and/or EMP bomb installed in his rig

I place thermite strips on all my drives with a remote igniter.

Also, as I learned back in computer forensics.. if someone is fully aware they're doing something illegal, and fully aware of the penalties.. they may very well have done something exactly like that. More common than a remote igniter is just bolting something to the wall behind the computer, so that if you pull the computer forward from the wall, it strikes some matches and ignites some explosives packed up underneath the hard drive. Performing searches in those kinds of cases is not necessarily safe for the investigators. There were documented cases of it we were warned about.

Ok...so...come back with warrant and nail the sucker. PLEASE??? Or are they saying there is not enough proof for a warrant either?

Warrants are worthless in this case. Forcing him to decrypt the drive would be self-incrimination, which is banned by the Fifth Amendment. Ergo, no judge, warrant, or government official can legally do so.

With a proper warrant police wouldn't ask. they can decrypt the files themselves at another location, as mentioned in other posts.

No.. basically, unless the police can say for sure that that guy was the one using the computer (Say, they have the username of the person who downloaded the stuff, and it happens to be the same as the guy's email address, that might be enough)... but they can't go on on a 'fishing expedition'. They have to be able to say with specificity where they'd find the data in question.

Does anyone have a link to any original story about how this guy became a suspect in the first place?

Even if a username were tied to him and was used to download illicit images, he could still claim his computer was logged in to his account and someone else did it. Basically there's no way to prove he did it. Even if they found unencrypted drives at his house with child porn on them, how can they prove he put it there, not someone else?

Ok...so...come back with warrant and nail the sucker. PLEASE??? Or are they saying there is not enough proof for a warrant either?

Warrants are worthless in this case. Forcing him to decrypt the drive would be self-incrimination, which is banned by the Fifth Amendment. Ergo, no judge, warrant, or government official can legally do so.

With a proper warrant police wouldn't ask. they can decrypt the files themselves at another location, as mentioned in other posts.

Well, they can try until the statue of limitations runs out. or the accused is no longer alive to face charges.

Completely agree with everything you said. However, doesn't this make a case for some kind of law reform that would require someone to decrypt a drive that may contain evidence of wrongdoing, assuming the police have reasonable suspicion and a search warrant?

By that reasoning, you could also make someone unencrypt a coded letter, which the police have been told on numerous occasions in the past that they cannot force someone to do.

The bottom line is that encryption is making it harder for the police to 'get the bad guys' (or what they think are bad guys) but that does not mean that we should sweep away the protections of the Constitution just because "I's thinks deys criminals!" like some mongoloid police officers and prosecutors would like us to.

If law enforcement knows that what there is incriminating files on a specific hard drive/computer, then the owner can be compelled to decrypt it.

If law enforcement only suspects that their may be incriminating files on a hard drive/computer, then they cannot compel the owner to decrypt.

That actually makes sense. You really aren't incriminating yourself if law enforcement knows what you did.

Ah, but law enforcement cannot 'know what you did' without breaking the law and hacking into your system, ISP logs, especially in the case where someone has a wireless router, ONLY prove that someone with access to the modem in question downloaded CP.

It doesn't tell you specifically which computer that was downloaded to, it could very well be someone outside your home piggybacking on your network. Even if they are using MAC addresses, those can be cloned.

The crux of the decision to afford the Defendant 5th Amendment protection is that the government was unable to show that the Defendant had "personal control and access" to the encrypted hard drives...that is, its predicated on the notion that the government does not reasonably know with a high degree of certainty that these hard drives and the contents belong to the Defendant.

So,even if the government found a way to successfully bypass the encryption, what they would be left with is a bunch of hard drives full of child porn (this is an assumption that there is child porn on them) yet still unable to demonstrate the Defendant was the owner of the hard drives...Clearly there is a failure to develop a chain of custody and ownership and the 5th Amendment is the least of the government's worries in this case.

On a side note: By asserting the 5th Amendment, he implicitly acknowledges that 1) It is very possible I can access the drives; 2) If I do access them, there may be incriminating information on them. Although a judge or jury cannot draw any inferences from someone asserting the 5th Amendment, one cannot assert the 5th Amendment unless he has a reasonable belief that, in this case, lifting the encryption would potentially be incriminating to him.

And that has no relevance to this particular case, because the incrimination is not specific. Lets say that the drives contain leaked national secrets, video evidence of mass murder, or *GASP* illegally downloaded copies of popular songs.

Completely agree with everything you said. However, doesn't this make a case for some kind of law reform that would require someone to decrypt a drive that may contain evidence of wrongdoing, assuming the police have reasonable suspicion and a search warrant?

By that reasoning, you could also make someone unencrypt a coded letter, which the police have been told on numerous occasions in the past that they cannot force someone to do.

The bottom line is that encryption is making it harder for the police to 'get the bad guys' (or what they think are bad guys) but that does not mean that we should sweep away the protections of the Constitution just because "I's thinks deys criminals!" like some mongoloid police officers and prosecutors would like us to.

Once again, complete agree with you. The problem is there is no reasonable solution to this issue. Every potential solution either stomps on Constitutional protections or dilutes the effectiveness of encryption enough to make it useless even for legitimate purposes. Some of my posts are being down-voted, presumably because they sound like they're in support of decreased rights for citizens. I'm just trying to point out that there aren't any solutions to this problem that don't have negative repercussions, one way or the other.

Rather than opening a discussion about potential solutions, people are just down-voting and posting obvious reasons for why the law was upheld properly, while ignoring the fact that the current situation can provide easy protection for real criminals. Where's that discussion?